CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2008-6515 – Yappa-ng - Query String Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-6515
Cross-site scripting (XSS) vulnerability in Fritz Berger yet another php photo album - next generation (yappa-ng) allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Fritz Berger yet another php photo album - next generation (yappa-ng) lo que permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a través de una cadena de petición a la URI por defecto. • https://www.exploit-db.com/exploits/32640 http://packetstormsecurity.org/0812-exploits/yappang-xss.txt http://www.securityfocus.com/bid/32623 https://exchange.xforce.ibmcloud.com/vulnerabilities/49494 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 3CVE-2008-3185 – Relative Real Estate Systems 3.0 - 'listing_id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-3185
SQL injection vulnerability in index.php in Relative Real Estate Systems 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action. Vulnerabilidad de inyección SQL en index.php de Relative Real Estate Systems 3.0 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro listing_id en una acción listings. • https://www.exploit-db.com/exploits/5924 http://e-rdc.org/v1/news.php?readmore=101 http://securityreason.com/securityalert/4002 http://www.securityfocus.com/archive/1/493663/100/0/threaded http://www.securityfocus.com/bid/29915 http://www.vupen.com/english/advisories/2008/1926/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43316 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •